2945 HIPAA Runs Into Legal Trouble Lawsuit Challenges Patient Privacy Regulations
Printer Friendly Email a Friend PDF RSS Feed

Dynamic Chiropractic – January 29, 2004, Vol. 22, Issue 03

HIPAA Runs Into Legal Trouble Lawsuit Challenges Patient Privacy Regulations

By Editorial Staff
While the Health Information Portability and Accessibility Act (HIPAA) was designed to protect the private health information of Americans, some believe it actually takes certain privacy rights away from individuals. That contention is the basis of a lawsuit filed in federal district court in April 2003 against the Department of Health and Human Services (DHHS). To date, 17 organizations and individuals have signed on as co-plaintiffs in the suit against the DHHS, including the Foundation for Health Choice, headed by Tedd Koren, DC. Together, the plaintiffs represent approximately 750,000 consumers and medical professionals.

In the first significant development since the suit was filed, Federal Judge Mary McLaughlin heard arguments from the plaintiffs and representatives of the Justice Department in December 2003 regarding the constitutionality of the regulations, with both sides seeking an immediate ruling.

Developed during the Clinton administration and adopted by the Bush administration in early 2001, the original draft of the HIPAA regulations contained a stipulation that none of the health data collected from a patient could be transferred by a practitioner to any other party without the patient's prior consent. The suit alleges that in August 2002, HHS Secretary Tommy Thompson reconsidered the rule and decided, in a move "determined to eliminate consent," that patient health data could be transferred from practitioners to covered parties and other groups - without written permission from the patient.

Under the revised regulations, created by Sec. Thompson and effective April 2003, health care providers may share patient records for the purposes of treatment and other "health care operations." Providers are required to obtain consent from patients before they can disclose medical information in "nonroutine" cases. However, for "routine uses," providers do not have to obtain written consent before they disclose medical records, but need only inform patients of their new rights and make a "good faith effort" to obtain written acknowledgement. Furthermore, patients have no control over how that information is used or shared by health plans, billing companies, and groups that do business with medical providers, such as attorneys, consultants and pharmaceutical companies.

"As of April 14, there is no ability of an individual to control the disclosure of personal information," said attorney James Pyles, who filed the suit on behalf of Citizens for Health, a Washington, D.C.-based health consumer group. "We as plaintiffs have a right to not have the federal government grant express federal authority to third parties to release our private information to other members of the public."

In an interview with the Associated Press, Pyles expanded on the type of information that could be made available without a patient's consent:

"All sorts of things can be revealed: your sexual orientation, whether you have been tested for a sexually transmitted disease, whether you have ever had an abortion. Under the new rules, it's impossible to know where the information is going, or who is seeing it."

"The administration stepped forward and said, 'We can waive this [privacy] right as stand-ins for the American citizens," added James Turner, an attorney for the plaintiffs and chair of Citizens for Health. "To understand the situation, the kind of data we are talking about is about disease diagnosis. Up until now, [that data] has been held by the practitioner and could only be released if the patient said it was all right to release it. Now, that information gets uploaded every time you send information to Medicare or to an insurance company."

In response to the complaint, the DHHS issued a legal brief stating that the rule requiring patient consent for routine uses of medical information was rejected after regulators received thousands of complaints indicating the rule would have unintended consequences, such as depriving health care providers of information needed to review patient quality of care and causing untimely delays in the delivery of services. In arguments before Judge McLaughlin, James Gilligan, an attorney with the Justice Department, explained that Sec. Thompson had to "strike a balance" between personal privacy concerns and those of health insurers and medical providers, who voiced concerns over expense and the ability to obtain patient consent every time an insurance company or specialist needed patient data.

"In the final analysis, plaintiffs have a different policy agenda than the Congress or the secretary has," Gilligan said.

The oral arguments made by Pyles and Gilligan in December were motions for summary judgment, with both sides asking Judge McLaughlin to rule in its favor without a trial. As we go to press, however, Judge McLaughlin has put the case on hold for further review, and has not indicated when (or how) she would rule.

Resources

  1. Caruso DB. Group seeks toss of patient privacy rules. Associated Press, Dec. 10, 2003.
  2. Slobodzian JA. Medical privacy lands in court. Philadelphia Inquirer, Dec. 11, 2003.
  3. Citizens' groups attack HIPAA in court, battle for privacy restoration. Chiropractic Economics December 2003.
  4. Judge hears arguments in lawsuit challenging HIPAA medical privacy rule. Missouri Institute of Mental Health Policy Information Exchange, Dec. 11, 2003. www.mimh.edu/mimhweb/pie/points/point14.htm
  5. WSJ examines lawsuit challenging HIPAA medical privacy rule. Kaiser Daily Health Policy Report, Dec. 10, 2003.

Dynamic Chiropractic editorial staff members research, investigate and write articles for the publication on an ongoing basis. To contact the Editorial Department or submit an article of your own for consideration, email .


To report inappropriate ads, click here.